DoH
Configure DNS over HTTPS with CloudFlare Zero Trust and Ubiquiti UniFi
Cloudflare Zero Trust
- Create a new account using the free plan.
- Open the Zero Trust Dashboard.
- Under Gateway, DNS Locations, select Add a DNS location.
- Enable DNS over HTTPS (DoH) and leave the other DNS endpoints disabled.
- After creating the DNS location, copy the DNS over HTTPS (DoH) URL, which will look something like: https://example275.cloudflare-gateway.com/dns-query
- Paste that value in a text editor and remove the leading https:// and the trailing /dns-query, leaving something like: example275.cloudflare-gateway.com
- This hostname is unique to your Cloudflare Zero Trust account and to this DNS location.
Generate DNS Stamp
Use the DNS Stamp Generator on this page to generate your DNS stamp automatically: enter the hostname without https:// or /dns-query.
Alternative: Online DNS Stamp Calculator
You can also use the external DNScrypt Stamp Calculator:
- Select DNS over HTTPS (DoH) under Protocol
- Paste the hostname from above under Host name (vhost+SNI) and optional port number
- Ensure Path is /dns-query
- Copy the calculated DNS stamp shown under Stamp
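As an added example (not part of this page or of the DNS Stamp Generator it embeds), the Python below performs the two manual steps described above: it trims a Gateway DoH URL down to its hostname, and it encodes that hostname into an sdns:// DoH stamp following the public DNS Stamps format (protocol byte, 8-byte properties, length-prefixed address, certificate-hash list, hostname and path, base64url without padding). It also decodes a stamp back into its fields, which is a quick way to confirm that the stamp you are about to paste into UniFi points at your own Gateway hostname and at /dns-query rather than at someone else's resolver. The hostname example275.cloudflare-gateway.com is the page's placeholder; the property flags (DNSSEC, no logs, no filter) are only advertised to clients by the stamp, not enforced by it, and the certificate-pin list is left empty so the router validates the Gateway's TLS certificate against its normal CA trust store.

```python
"""Build and decode DNS-over-HTTPS stamps (sdns://) for a Cloudflare Gateway DoH endpoint."""
import base64
import struct
from urllib.parse import urlparse

# Informational property bits carried in every DNS stamp.
PROP_DNSSEC = 1 << 0
PROP_NO_LOGS = 1 << 1
PROP_NO_FILTER = 1 << 2


def hostname_from_doh_url(url: str) -> str:
    """Reduce a DoH URL such as https://<host>/dns-query to the bare host name."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or not parsed.hostname:
        raise ValueError(f"expected an https:// DoH URL, got {url!r}")
    return parsed.hostname


def _lp(value: bytes) -> bytes:
    """Length-prefixed field: one length byte followed by the bytes."""
    if len(value) > 255:
        raise ValueError("field too long for a DNS stamp")
    return bytes([len(value)]) + value


def _vlp(values) -> bytes:
    """Variable-length list: bit 7 of each length byte is set on all but the last
    element; an empty list is a single 0x00 byte."""
    if not values:
        return b"\x00"
    out = bytearray()
    for i, value in enumerate(values):
        if len(value) > 127:
            raise ValueError("list element too long for a DNS stamp")
        more = 0x80 if i < len(values) - 1 else 0
        out += bytes([len(value) | more]) + value
    return bytes(out)


def build_doh_stamp(hostname: str, path: str = "/dns-query", addr: str = "",
                    cert_hashes=(), dnssec=True, no_logs=True, no_filter=True) -> str:
    """Encode a DoH stamp. cert_hashes are hex SHA-256 digests of the server's
    TBS certificate; leave empty to rely on normal CA validation."""
    props = ((PROP_DNSSEC if dnssec else 0)
             | (PROP_NO_LOGS if no_logs else 0)
             | (PROP_NO_FILTER if no_filter else 0))
    body = (
        b"\x02"                                          # protocol id: DNS-over-HTTPS
        + struct.pack("<Q", props)                       # 8-byte little-endian properties
        + _lp(addr.encode())                             # optional IP[:port]; empty = resolve hostname
        + _vlp([bytes.fromhex(h) for h in cert_hashes])  # certificate pins, usually empty
        + _lp(hostname.encode())                         # vhost + SNI
        + _lp(path.encode())                             # HTTP path of the resolver
    )
    return "sdns://" + base64.urlsafe_b64encode(body).rstrip(b"=").decode("ascii")


def parse_doh_stamp(stamp: str) -> dict:
    """Decode a DoH stamp into its fields so it can be checked before use."""
    if not stamp.startswith("sdns://"):
        raise ValueError("not a DNS stamp")
    b64 = stamp[len("sdns://"):]
    body = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))  # restore padding
    if len(body) < 9 or body[0] != 0x02:
        raise ValueError("not a DNS-over-HTTPS stamp")
    props = struct.unpack_from("<Q", body, 1)[0]
    pos = 9

    def take(n: int) -> bytes:
        nonlocal pos
        chunk = body[pos:pos + n]
        if len(chunk) != n:
            raise ValueError("truncated stamp")
        pos += n
        return chunk

    def read_lp() -> bytes:
        return take(take(1)[0])

    def read_vlp() -> list:
        items = []
        while True:
            length = take(1)[0]
            value = take(length & 0x7F)
            if value:
                items.append(value)
            if not length & 0x80:
                return items

    addr = read_lp().decode()
    hashes = [h.hex() for h in read_vlp()]
    hostname = read_lp().decode()
    path = read_lp().decode()
    return {"hostname": hostname, "path": path, "addr": addr, "cert_hashes": hashes,
            "dnssec": bool(props & PROP_DNSSEC), "no_logs": bool(props & PROP_NO_LOGS),
            "no_filter": bool(props & PROP_NO_FILTER)}


if __name__ == "__main__":
    # Placeholder Gateway URL from the guide, not a real account.
    host = hostname_from_doh_url("https://example275.cloudflare-gateway.com/dns-query")
    stamp = build_doh_stamp(host)
    print(stamp)
    print(parse_doh_stamp(stamp))
```

Because the address field is empty and no certificate pins are set, the stamp for the placeholder hostname begins with `sdns://AgcAAAA`, just like the example stamp quoted later on this page; the rest of the string encodes the hostname and `/dns-query`. Running `parse_doh_stamp` on a stamp produced by the online calculator is a cheap sanity check that the host and path fields are the ones you intended.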
Ubiquiti UniFi Site Manager
- Select your Network.
- Open Settings.
- Select Security.
- Select Custom under DNS Shield.
- Enter Cloudflare under Server Name.
- Enter the stamp from above under DNS Stamp, for example: sdns://AgcAAAAexampleAAAAA9kbnMtcXVlcnk
- Select Apply Changes.